[Bug 7892] iTunes start-up

Wine Bugs wine-bugs at winehq.org
Sun Apr 29 18:24:33 CDT 2007


------- Additional Comments From focht at gmx.net  2007-29-04 18:24 -------
Created an attachment (id=6025)
 --> (http://bugs.winehq.org/attachment.cgi?id=6025&action=view)
screenshot of iTunes running under wine (heavily hacked)


--- quote ---
And you're sure that you're using native crypt32.dll? Not the builtin one wine 

ships with?
--- quote ---

My guess: he's using an outdated version (date 2002) of native crypt32.dll
(probably leeched off some freedll site).
There are different versions floating around the net.
Anyway, using native wintrust, crypt32 and rpcrt4 wont get you much further.

Looking at the trace/log it seems to connect to keysvc LPC port/keysvc named
The whole cryptographic services endpoints (RPC services/keysvc) which
implement IKeySvc and ICertProtect interfaces are missing.
>From my knowledge there is no way wine could provide this now.

I can provide working I_CryptUninstallOssGlobal and I_CryptInstallOssGlobal
stub implementations if needed (glanced at the current implementation in
crypt32: one is a dirty hack, the other one is missing).

But this wont help you anyway (off-topic).

This one says it all:

--- quote ---
Probably we need to improve the stubs in wintrust.
--- quote ---

'Improve' is quite an understatement.
Lots of work that needs to be done.

I *heavily hacked* wintrust stubs some hours to get iTunes finally started but
i wouldnt consider making it public.
Too much iTunes specific knowledge/hacks.
The problem is: there is currently no infrastructure in wintrust module which
is needed to implement all the stuff (providers/management).

Just to give an impression (WinVerifyTrust):

iTunes verifies the digital certificates (CERTs) of some excutables.
I hacked a code path for the WTD_STATEACTION_VERIFY and WTD_CHOICE_FILE case
(and WTD_STATEACTION_CLOSE for cleanup).
That included:

- setting up fake CRYPT_PROVIDER_DATA
- setting up fake CRYPT_PROVIDER_SGNR (signer)
- setting up fake CRYPT_PROVIDER_CERT (by using CertCreateSelfSignCertificate()
from test case).
- get around CertGetNameStringW() checks by using the right SubjectName
(created fake blob with CN= "Apple Computer, Inc.") before 
- get around CertComparePublicKeyInfo() checks by adjusting the public key info
after cert creation to match the client one (couldnt find an easy way with
CertCreateSelfSignCertificate without rewriting/dup all the code)

Implemented WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain and
WTHelperGetProvCertFromChain (that were easy ones, though some bits missing /
counter signers), could be used in public code (easy ones).

After public key info matched, it finally started (see screenshot) - though I
didnt test much far.
I'm somewhat unfamilar/uneasy with DRM enabled software :)

Basically said: if apple iTunes uses wintrust api to verify executable
certificates (which seems the case for future versions) have one implement all
the stuff.
This could be some students task (SoC or the like).

For now, use an earlier version (6.x?) which doesnt employ CERT signing checks
on executables (wintrust api).


Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the wine-bugs mailing list